Stored XSS in the Profile Update page via the My Name field.
[Vendor] PHP Scripts Mall Pvt. Ltd.
[Affected Product Code Base] PHP Scripts Mall Chartered Accountant : Auditor Website - 2.0.1
Steps to reproduce:
Go to http://22.214.171.124/~projclient/client/auditor
1. Register an account and log in.
2. Go to My Profile and update the My Name field with the XSS payload
<--`<img/src=` onerror=alert("Pw")> --!>.
3. The XSS payload is executed on every page visited.
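
Mitigation sketch, added here as an example and not taken from the vendor's code: the stored name is validated when the profile is saved and HTML-encoded wherever it is rendered, so the payload from step 2 is rejected on write and inert on output. All function names and the markup are hypothetical, since the product's source is not shown.

```php
<?php
// Hypothetical helpers: the product's real code is not available on this page.

// Encode a value for an HTML text node or a quoted attribute at output time.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Write-time validation for the "My Name" field: letters, combining marks,
// spaces, dot, apostrophe and hyphen only, 1 to 64 characters.
// Returns the trimmed name, or null when the input must be rejected.
function validate_display_name(string $raw): ?string
{
    $name = trim($raw);
    // With the /u flag preg_match also fails on invalid UTF-8 input.
    if (preg_match('/^[\p{L}\p{M} .\'-]{1,64}$/u', $name) !== 1) {
        return null;
    }
    return $name;
}

// Pattern that produces stored XSS: the database value is concatenated
// into markup unchanged, on every page that shows the user's name.
function render_greeting_vulnerable(string $storedName): string
{
    return '<span class="user">Welcome, ' . $storedName . '</span>';
}

// Hardened form: the same value is encoded for the HTML context first.
// This still protects pages when old, unvalidated rows exist in the database.
function render_greeting_safe(string $storedName): string
{
    return '<span class="user">Welcome, ' . e($storedName) . '</span>';
}

// The payload from step 2 of this advisory, used as the test input.
$payload = '<--`<img/src=` onerror=alert("Pw")> --!>';

// Rejected at write time.
var_dump(validate_display_name($payload));
// An ordinary name (constructed sample) passes validation.
var_dump(validate_display_name("Anne-Marie O'Neil"));

// Raw markup reaches the browser in the vulnerable form only.
echo render_greeting_vulnerable($payload), PHP_EOL;
echo render_greeting_safe($payload), PHP_EOL;
```

Output encoding is the control that closes the issue; the write-time validation is a second layer and does not replace it.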